Skip to main content

MSTR Defining sets of privileges: Security roles

Security Roles

 Edit 0 1
https://www2.microstrategy.com/producthelp/10.6/SystemAdmin/WebHelp/Lang_1033/Content/Admin/Defining_sets_of_privileges__Security_roles.htm

Defining sets of privileges: Security roles

A security role is a collection of project-level privileges that are assigned to users and groups. For example, you might have two types of users with different functionality needs: the Executive Users who need to run, sort, and print reports, and the Business Analysts who need additional capabilities to drill and change subtotal definitions. In this case, you can create two security roles to suit these two different types of users.
Security roles exist at the project source level, and can be used in any project registered with Intelligence Server. A user can have different security roles in each project. For example, an administrator for the development project may have a Project Administrator security role in that project, but the Normal User security role in all other projects on that server.
A security role is fundamentally different from a user group in the following ways:

A group is a collection of users that can be assigned privileges (or security roles) all at once, for the project source and all projects in it.


A security role is a collection of privileges in a project. Those privileges are assigned as a set to various users or groups, on a project-by-project basis.
For information about how privileges are inherited from security roles and groups, see Controlling access to functionality: Privileges.

Managing security roles

The Security Role Manager lists all the security roles available in a project source. From this manager you can assign or revoke security roles for users in projects, or create or delete security roles. For additional methods of managing security roles, see Other ways of managing security roles.

To assign a security role to users or groups in a project


1In Developer, log in to the project source containing the security role. You must have the Grant/Revoke Privileges privilege.


2Expand Administration, then Configuration Managers, and then select Security Roles. A list of security roles in the project source opens in the main Developer pane.


3Double-click the security role you want to assign to the user or group. The Security Role Editor opens.


4Select the Members tab.


5From the Select a Project drop-down list, select the project for which to assign the security role.


6From the drop-down list of groups, select the group containing a user or group you want to assign the security role to. The users or groups that are members of that group are shown in the list box below the drop-down list.


By default, users are not shown in this list box. To view the users as well as the groups, select the Show users check box.


To assign a top-level group to a security role, from the drop-down list select All Groups.


7Select a desired user or group.


8Click the > icon. The user or group moves to the Selected members list. You can assign multiple users or groups to the security role by selecting them and clicking the > icon.


9When you are finished assigning the security role, click OK. The security role is assigned to the selected users and groups and the Security Role Editor closes.

To create a security role


1In Developer, log in to the project source you want to create the security role in.


2Expand Administration, then Configuration Managers, and then select Security Roles.


3From the File menu, point to New, and select Security Role. The Security Role Editor opens at the General tab.


4Enter a name and description for the new security role.


5Select the Privileges tab.


6Select the privileges to add to this security role. For an explanation of each privilege, see the List of Privileges chapter in the Supplemental Reference for System Administration.
To select all privileges in a privilege group, select the group.

7To assign the role to users, select the Members tab and follow the instructions in To assign a security role to users or groups in a project.


8Click OK to close the Security Role Editor and create the security role.

To delete a security role


1In Developer, log in the project source you want to remove the security role from.


2Expand Administration, then Configuration Managers, and then select Security Roles. A list of security roles in the project source opens in the main Developer pane.


3Click the security role that you want to remove.


4From the File menu select Delete.


5Click Yes to confirm that you want to delete the security role.

Other ways of managing security roles

You can also assign security roles to a user or group in the User Editor or Group Editor. From the Project Access category of the editor, you can specify what security roles that user or group has for each project.
You can assign roles to multiple users and groups in a project through the Project Configuration dialog box. The Project Access - Generalcategory displays which users and groups have which security roles in the project, and allows you to re-assign the security roles.
For detailed instructions on using these editors to manage security roles, see the MicroStrategy Developer Help.
You can also use Command Manager to manage security roles. Command Manager is a script-based administrative tool that helps you perform complex administrative actions quickly. For specific syntax for security role management statements in Command Manager, see Security Role Management in the Command Manager on-line help (from Command Manager, press F1, or select the Help menu). For general information about Command Manager, see Automating Administrative Tasks with Command Manager.
If you are using UNIX, you must use Command Manager to manage your system’s security roles.

Controlling access to a project

You can deny user or group access to a specific MicroStrategy project by using a security role.

To deny user or group access to a project


1In Developer, right-click on the project you want to deny access to. Select Project Configuration. The Project Configuration Editor opens.


2Expand the Project Access category. The Project Access - General dialog box opens.


3In the Select a security role drop-down list, select the security role that contains the user or group who you want to deny project access. For example, select the Normal Users security role.


4On the right-hand side of the Project access - General dialog, select the user or group who you want to deny project access. Then click the left arrow to remove that user or group from the security role. For example, remove the Everyone group.


5Using the right arrow, add any users to the security role for whom you want to grant project access. To see the users contained in each group, highlight the group and check the Show users check box.


6Make sure the user or group whose access you want deny does not appear in the Selected members pane on the right-hand side of the dialog. Then click OK.


7In Developer, under the project source that contains the project you are restricting access to, expand Administration, then expand User Manager.


8Click on the group to which the user belongs who you want to deny project access for. Then double-click on the user in the right-hand side of Developer. The User Editor opens.


9Expand User Definition, then select Project Access.


10In the Security Role Selection row, under the project you want to restrict access to, review the Security Role Selection drop-down list. Make sure that no security role is associated with this project for this user.


11Click OK.
When the user attempts to log in to the project, he receives the message “No projects were returned by this project source.”

The role-based administration model

Beginning with version 9.0, the MicroStrategy product suite comes with a number of predefined security roles for administrators. These roles makes it easy to delegate administrative tasks.
For example, your company security policy may require you to keep the user security administrator for your projects separate from the project resource administrator. Rather than specifying the privileges for each administrator individually, you can assign the Project Security Administrator role to one administrator, and the Project Resource Administrator to another. Because users can have different security roles for each project, you can use the same security role for different users in different projects to further delegate project administration duties.
The predefined project administration roles cover every project-level administrative privilege except for Bypass All Object Security Access Checks. None of the roles have any privileges in common. For a list of the privileges included with each predefined security role, see the List of Privileges chapter in the Supplemental Reference for System Administration.
The predefined administration security roles are:

Power Users, which have the largest subset of privileges of any security role.


Project Bulk Administrators, who can perform administrative functions on multiple objects with Object Manager (see Copying objects between projects: Object Manager), Command Manager (see Automating Administrative Tasks with Command Manager), and the Bulk Repository Translation Tool.


Project Operations Administrators, who can perform maintenance on various aspects of a project.


Project Operations Monitors, who can view the various Intelligence Server monitors but cannot make any changes to the monitored systems.


Project Resource Settings Administrators, who can configure project-level settings.


Project Security Administrators, who create users and manage user and object security.
For instructions on how to assign these security roles to users or groups, see Managing security roles.
Do not modify the privileges for an out-of-the-box security role. During upgrades to newer versions of MicroStrategy, the privileges for the out-of-the-box security roles are overwritten with the default privileges. Instead, you should copy the security role you need to modify and make changes to the copied version.

Comments

  1. Chris LesnarJuly 19, 2021 at 8:49 AM

    Hey there, thanks for providing Solution for this Tableau data integration. I was looking for more information on Tableau Rest API Connection. If you know anything please share. Thanks in advance!

    Tableau Rest Api Connection

    ReplyDelete
  2. LavanyaDecember 14, 2021 at 1:38 AM

    Thank For sharing Valuable Information
    Micro Strategy Online Training
    Micro Strategy Courses

    ReplyDelete

Post a Comment

Popular posts from this blog

Microstrategy Custom number formatting symbols

Custom number formatting symbols If none of the built-in number formats meet your needs, you can create your own custom format in the Number tab of the Format Cells dialog box. Select  Custom  as the Category and create the format using the number format symbols listed in the table below. Each custom format can have up to four optional sections, one each for: Positive numbers Negative numbers Zeros Text Each section is optional. Separate the sections by semicolons, as shown in the example below: #,###;(#,###);0;"Error: Entry must be numeric" For more examples, see  Custom number formatting examples . To jump to a section of the formatting symbol table, click one of the following: Numeric symbols Character/text symbols Date and time symbols Text color symbols Currency symbols Conditional symbols Numeric symbols For details on how numeric symbols apply to the Big Decimal data type, refer to the  Project Design Guide . ...
4 comments
Read more

Reduce Intelligent Cube Size By Finding Intelligent Cube Objects Which Are Not In Use

Reduce Intelligent Cube Size By Finding Intelligent Cube Objects Which Are Not In Use If the i-cubes can potentially be reduced in size an audit can be performed on the cube objects to see which cube objects are not being used by any of the view reports, documents, or dossiers.   The below are examples for a few of the common metadata database platforms . NOTE: To perform this audit, queries are run against the MicroStrategy metadata database. Ensure a metadata backup is taken prior to performing the below actions. Steps: 1) Identify the object ID of the Intelligent cube to be audited by checking the objects Property window 2) Identify the object ID of the project this cube exists within by opening the Project Configuration Sample Cube ID =   CFAF1E9B4D53990698C42E87C7AF2EB5 Sample Project ID =  B7CA92F04B9FAE8D941C3E9B7E0CD754   3) Run the below SQL against the metadata database by replacing the Cube ID and Project ID within the respective ...
Post a Comment
Read more

Algorithm to calculate Logical Table Size in Microstrategy

How are the fact tables determined using the logical table size for SQL generation in MicroStrategy The logical table size is an integer number that represents the granularity or level of aggregation of a particular table. It is called 'logical' because it is not related to the physical size of the tables (number of rows). It is calculated according to the attribute IDs that are present in the table and their level in the system hierarchy.   Even though, the number does not reveal the actual number of rows in the table, it is an accurate way of measuring a table size without having to access its contents.   IMPORTANT:   The system hierarchy is defined by the parent-child relationships between attributes of the same family (formerly known as a dimension), not by user-defined hierarchies (i.e., drilling hierarchies).   MicroStrategy Engine utilizes an algorithm based on attribute keys to calculate the Logical Table Size (LTS): Given the following tables: ...
Post a Comment
Read more

Microstrategy Removing sections that do not have metric data

Removing sections that do not have metric data This is an interesting feature which might not be explored by many of us and it comes us handy. A  cross join between datasets can result in rows or Group Header/Footer sections that do not have metric data. For example, a document contains two datasets. Dataset 1 contains Year and Revenue, with data for three years (2007-2009). Dataset 2 contains Year and Profit, filtered to return data for only two years (2008 and 2009). If you place Year and Profit in the Details and execute the document, it displays three rows, although no profit data exists for 2007. This is a product of the cross join between the two datasets. You do not want to see the blank line for 2007 since it does not give you any data for profit. You can select the  Trim sections for which no metric value data is available  check box. This removes the row for 2007, since no metric data for Profit is available for 2007. The results are shown below: ...
Post a Comment
Read more

"System Prompt" and its uses in MicroStrategy

System Prompt and its uses in MicroStrategy WHAT IS A "SYSTEM PROMPT"? "System Prompt" is a system object that was introduced back in version 8.0.0. The object is named as "User Login" and is implemented as a prompt object. The object can be found under Public Objects > Prompts > System prompts, as shown below: Unlike ordinary prompt objects, system prompts don't require any answers from the user. When a report containing a system prompt runs, the prompt is answered automatically with the login of the user who runs the report. On the other hand, like other prompt objects, answers to system prompts are used to match caches. Therefore, users don't share caches for reports that contain system prompts. For details on how caches are matched, refer to the following MicroStrategy Knowledge Base document: KB5300-7X0-0147 - How are caches matched in MicroStrategy Intelligence Server 7.x? WHEN ARE SYSTEM PROMPTS USED?    System pr...
Post a Comment
Read more

Microstrategy Dossier training videos

Microstrategy Dossier training videos Adding data to a Dossier: Creating a visualization filter in Dossier: Sending Dossier to User libraries: How to format Dossiers: Adding a designer filter to a Dossier: Use Bookmarks in Dossiers: Dynamic Links in Dossier: Recreating documents from Dossiers: Exploring and searching in Dossiers: Exploring sample dossiers in MSTR library: Using Page to Page Targets in Dossiers:
2 comments
Read more

Create an alert-based subscription in MicroStrategy Distribution Services

Create an alert-based subscription in MicroStrategy Distribution Services on Web Subscription to a report or Report Services document which will be executed when a certain conditional threshold is met based on another executing report. For example, a scheduled report executes which shows the Revenue by day for the past week. If the Revenue on any one day falls below a certain value, a subscription to another report or Report Services document can be triggered and delivered to a recipient. An alert based subscription can only be created directly on a report; however, another report or Report Services document can be delivered when the alert based subscription is triggered. Note: you need a grid report to create an alert and you cannot create if you want to create on a document with text boxes. The following example will walk through the basic steps on how to setup a subscription based on an alert like this: Follow the brief  steps bel...
3 comments
Read more

Multi-Select Drop Down Selector with Apply Button

Multi-Select Drop Down Selector with  OK Button  When creating a Report Services Document, you may want to create a drop down selector to save space, but also would like the drop down to be a multi-selector with OK/Apply button. Below are instructions to achieve this in a Report Services Document.  Steps to Create: 1. Right click on your drop down selector and choose Properties and Formatting 2. Navigate to the Layout Tab 3. In the layout tab, click "Allow multiple selections". It will  not  indicate that the check box is enabled, but this step is mandatory.  3. Next, navigate to the Theme tab. Choose the  L ight Theme  from the drop down menu and click the Apply button. 4) Next, change the Theme back to  None  and click Apply. 4. When you return to the Layout tab, you will see the checkbox for  Allow multiple selections  is now checked.  
Post a Comment
Read more

Prompt-in-prompt (nested prompt) in a FreeForm SQL Report in MicroStrategy

Prompt-in-prompt (nested prompt) feature in a FreeForm SQL Report in MicroStrategy  The following procedure describes how to achieve prompt-in-prompt in a Freeform SQL report in MicroStrategy Tutorial project: Create a new filter, select Add an Attribute qualification and choose the highest level attribute Country. Make sure to Qualify On: Elements. Click Prompt as the image shown below. Accept all the default values without any changes in the popped up window after clicking on "Prompt" as shown below. Save the filter as "Country Filter". Click "Prompt", choose "Use a filter to reduce the number of elements" option and select Country Filter created in last step, as shown below. Save the filter as "Region Filter". Select Filter definition prompt -> Choose from an attribute element list as shown below. Choose attribute Call Center and use the Region Filter created in the previous st...
Post a Comment
Read more

Predictive modelling in Data Science using Microstrategy

Creating a predictive modelling in MicroStrategy MicroStrategy Data Mining Services has been evolving to include more data mining algorithms and functionality. One key feature is MicroStrategy Developer’s Training Metric Wizard. The Training Metric Wizard can be used to create several different types of predictive models including linear and exponential regression, logistic regression, decision tree, cluster, time series, and association rules. Linear and exponential regression The linear regression data mining technique should be familiar to you if you have ever tried to extrapolate or interpolate data, tried to find the line that best fits a series of data points, or used Microsoft Excel’s LINEST or LOGEST functions. Regression analyzes the relationship between several predictive inputs, or independent variables, and a dependent variable that is to be predicted. Regression finds the line that best fits the data, with a minimum of error. For example, you have a dataset ...
1 comment
Read more